Skip to:

Safe Mode Off and JS Infection Issue

  • Ali Erkurt


    Hello. As you know we have to use BP with safe mode disabled. But this might cause some hack and infection issues. A simple code might infect all .JS files -including plugin files- and all the index.php and home.php files. You can try changing your FTP client and password. You can also upgrade your WP to the latest version. But, is it still risky to have a safe mode off system? How can we defend our site against those infections? I’m concerned about that… Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • What issues are you encountering with BuddyPress when PHP Safe Mode is enabled?

    If you want to run with PHP Safe Mode on then do but you will need to understand what it does and why it does it in order that you can manage the file upload issues.

    It was always? acknowledged as a fundamentally flawed approach to try and add server security for shared host environments via a scripting language and to back that up as it were PHP 6 removes ‘Safe Mode’ altogether. Server security is a deep and broad ranging subject ‘Safe Mode’ is probably not that useful or all encompassing as it may sound; but it’s your choice you can run with it on if you spend a little time configuring your server, but a little more reading up on hardening a server against attack would be advised if you are worried by this aspect.

    Ali Erkurt


    @DJPaul I had that infection issue three times on my web site and I had to re-upload all files to the server. I think this happens when safe mode is off. Now I want to install BP to another site and to upload avatars, I need to turn safe mode off. If I do that, does that cause same infection issues?

    That infection? what infection is that then? There are a thousand ways a server can be compromised, it might be possible that having ‘Safe Mode’ on helps to prevent one possible avenue, but you would probably be better off running a well configured Mod_Security module.

    As I wrote above I wouldn’t put a huge amount of faith in PHP Safe Mode due to the fact that PHP themselves are removing it entirely from distros.

    Not sure that your statement As you know we have to use BP with safe mode disabled is accurate I would advise it’s turned off to avoid issues but equally you can configure it to work for your setup and leave it on it you feel more secure that way.

    After all is said and done server security is outside the scope of this support group, it’s not essentially a BP issue, however there are a few good pages written on WP security if you visit the WP codex.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Safe Mode Off and JS Infection Issue’ is closed to new replies.
Skip to toolbar